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21 Services: Secure authentication system for public WLAN roaming 
Yasuhiko Matsunaga, Ana Sanz Merino, Takashi Suzuki, Randy H. Katz 
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September 2003 Proceedings of the 1st ACM international workshop on Wireless 
mobile applications and services on WLAN hotspots WMASH '03 
Publisher: ACM Press 

Full text available: 'p;| pdf(248, 60 KB) Additional Information: MLcitation, abstract, references , citings, index 

tiims 

A serious impediment for seamless roaming between independent wireless LANs (WLANs) 
is how best to confederate the various WLAN service providers, each having different trust 
relationships with individuals and each supporting their own authentication schemes which 
may vary from one provider to the next. We have designed and implemented a 
comprehensive single sign-on (SSO) authentication architecture that confederates WLAN 
service providers through trusted identity providers. Users select the app ... 

Keywords: authentication, hotspot, link layer security, policy control, roaming, single 
sign-on, wireless LAN 



22 
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Kirk McKusick 

March 2003 Queue, volume i issue i 
Publisher: ACM Press 
Full text available: ■g pdf(148.92 KB) 
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An architecture for secure wide-area service discovery 

Todd D. Modes, Steven E. Czerwinski, Ben Y. Zhao, Anthony D. Joseph, Randy H. Katz 
March 2002 Wireless Networks, volume 8 issue 2/3 
Publisher: Kluwer Academic Publishers 

Additional Information: full citation , abstract , references , citings . Index 
terms 



Full text available: ^pdf(36 5.68 K B) 



The widespread deployment of inexpensive communications technology, computational 
resources in the networking infrastructure, and network-enabled end devices poses an 
interesting problem for end users: how to locate a particular network service or device out 
of hundreds of thousands of accessible services and devices. This paper presents the 
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architecture and Implementation of a secure wide-area Service Discovery Service (SDS). 
Service providers use the SDS to advertise descriptions of available ... 

Keywords: location services, name lookup, network protocols, service discovery 



2^ XML security: Ce rtific ate validation service using XKMS for c on n pu t at ional g rid Q 
Namje Park, Kiyoung Moon, Sungwon Sohn 

October 2003 Proceedings of the 2003 ACM workshop on XML security XMLSEC '03 
Publisher: ACM Press 

Full text available: ^ pdf( 7.01 MB ) Additional Information: f ull c itati on , abstract , reference s, index terms 

A computational grid is a hardware and software infrastructure capable of providing 
dependable, consistent, pervasive, and inexpensive access to high-end computational 
resource. There are many ways to access the resources of a computational grid, each with 
unique security requirements and implications for both the resource user and the resource 
provider. Current Grid security Infrastructure using PKI based on SSO. But open grid 
service Security Infrastructure in Global Grid Forum(GGF) will exten ... 

Keywords: GSI, XKMS, XML, XML security, certificate validation, grid, key management, 
security 




25 DIM frameworks: A delegation framework for federated identity management 
^ Hidehito Gomi, Makoto Hatakeyama, Shigeru Hosono, Satoru Fujita 
>^ November 2005 Proceedings of the 2005 workshop on Digital identity management 
Dli^ -05 
Publisher: ACM Press 

Full text available: ^ pdf(249 .06 K B) Additional Information: f ull citation , abstrac t, references , index terms 

Identity federation is a powerful sclieme that links accounts of users maintained distinctly 
by different business partners. The concept of network Identity is a driver for accelerating 
automation of Web Services on the Internet for users on their behalf while protecting 
privacy of their personally identifiable information. Although users of Web Services 
essentially delegate some or all privileges to an entity to perform actions, current identity 
based systems do not take into sufficient consider ... 

Keywords: access control, delegation. Identity federation, privilege, role 



A Metadata C atalo g Service for Data Intensive A p plications Q 
Gurmeet Singh, Shishir Bharathi, Ann Chervenak, Ewa Deelman, Carl Kesselman, Mary 
Manohar, Sonal Patil, Laura Pearlman 

November 2003 Proceedings of the 2003 ACM/IEEE conference on Supercomputing SC 
'03 

Publisher: IEEE Computer Society 

Full text available: ^ p.df(17825 ^K^^^^ Additional Information: MLck abstract, citings 

Advances in computational, storage and network technologies as well as middle ware such 
as the Globus Toolkit allow scientists to expand the sophistication and scope of data- 
intensive applications. These applications produce and analyze terabytes and petabytes of 
data that are distributed in millions of files or objects. To manage these large data sets 
efficiently, metadata or descriptive information about the data needs to be managed. 
There are various types of metadata, and it is likely that a ... 

27 g 

Imp l ementin g role bas ed a c c ess control for federated in f ormation systems on the 
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web 

Kerry Taylor, James Murty 

January 2003 Proceedings of the Australasian information security workshop 

conference on ACSW frontiers 2003 - Volume 21 ACSW Frontiers '03 

Publisher: Australian Computer Society, Inc. 

Full text available" S pdfC21 7 89 KB) A*^^'^'^^^' Information; full citation , abstract , references , citin gs. I ndex 
^ t erms 

There Is rapidly Increasing interest in Australia In on-line sharing of information stored in 
corporate databases, especially within and between staff of independent government 
agencies. Biological collections databases and population health GIS are good examples of 
the frequent situation where database custodians are looking for dynamic, distributed, 
heterogenous federated information system models for information sharing within loosely 
constituted communities. This paper describes a security m ... 

Keywords: RBAC, federated databases 



Identificat ion con trol: Owner-controlled information Q 
Carrie Gates, Jacob Slonim 

August 2003 Proceedings of the 2003 workshop on New security paradigms NSPW 
•03 

Publisher: ACM Press 

Full text available: ^pd f(1 , Q6 MB ) Additional Information: full c itation. aMtiact, refer ences 

Information about individuals is currently maintained in many thousands of databases, 
with much of that information, such as name and address, replicated across multiple 
databases. However, this proliferation of personal information raises issues of privacy for 
the individual, as well as maintenance issues in terms of the accuracy of the information. 
Ideally, each individual would own, maintain and control his personal information, 
allowing access to those who needed at the time it was needed. 0 ... 




Keywords: architecture, privacy, security 



29 Mobile services and technology track: A conceptual approach to information security Q 
^ in financial account aggregation 

^ Manish Agrawal, Hemant Padmanabhan, Lokesh Pandey, H. R. Rao, Shambhu Upadhyaya 
March 2004 Proceedings of the 6th international conference on Electronic commerce 

ICEC '04 
Publisher: ACM Press 

Full text available: ^pdf( 1 73.70 KB) Additional Information: full citation , abstract , references 

An important dimension of mobile computing Is the ubiquitous and location-Independent 
availability of data. Aggregation is the ability to electronically access and display personal 
account information from disparate sources through a single identity. The client financial 
data is assembled in an organized format providing meaningful summarization and 
analysis. The prevalent methods of aggregation pose issues in information security and 
assurance. Utilizing advances in Internet technology such as ... 

Keywords: account service providers, aggregation, identity service providers, scraping 



3^ Security and Mi d d leware Services: Towards flexible credential verification in nnobile Q 
ad-hoc networks 
Sye Loong Keoh, Emil Lupu 

October 2002 Proceedings of the second ACM international workshop on Principles of 
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mobile computing POMC '02 

Publisher: ACM Press 

Full text available:^ pdf(281 .24 KB) Additional Information: full citation, abstract, references, in de x terms 

Ad-hoc networks facilitate interconnectivity between mobile devices without the support 
of a network infrastructure. In this paper we propose a flexible credential verification 
mechanisnn, which innproves the likelihood that participants in an ad-hoc network can 
verify each other's credentials despite the lack of access to certification and attribute 
authorities. Users maintain Credential Assertion Statements (CASs), which are formed 
through extraction of X.509 and attribute certificates into an i ... 

Keywords: authentication, credential verification, security, trust 



^'^ Onward!: Ercatons an d o rg an ic programming: say good-bye to planned economy 
Oliver Imbusch, Falk Langhammer, Guido von Walter 

October 2005 Companion to the 20tli annual ACM SIGPLAN conference on Object- 
oriented programming, systems, languages, and applications OOPSLA 
'05 

Publisher: ACM Press 

Full text available: Wi pdf{529.93 KB) 

^ „ _. .^^ Additional Information: full citation , abstract , references . Index terms 
Q..rnov(.3^^^^^^ 

Organic programming (OP) Is our proposed and already emerging programming model 
which overcomes some of the limitations of current practice in software development in 
general and of object-oriented programming (OOP) in particular. Ercatons provide an 
implementation of the model. In some respects, OP is less than a (new) programming 
language, in others, it is more. An "ercato machine" implements the ideas discussed and 
has been used to validate the concepts described here. Organic programming is c ... 

Keywords: J2EE, XML, complexity, ercatons, models, software architecture, software 
engineering 



32 Certificate-based authorization policy in a PKI environment 
^ Mary R. Thompson, Abdelilah Essiarl, Srllel<ha Mudumbai 

^ November 2003 ACM Transactions on Information and System Security (TISSEC), 

Volume 6 Issue 4 

Publisher: ACM Press 

Full text available* 1*1 Ddf(233 63 KB) Additional Information: full c itation, a bstract , referen ces, citin gs, index 
'^.0-1 = — _J terms 

The major emphasis of public l<ey infrastructure has been to provide a cryptographically 
secure means of authenticating Identities. However, procedures for authorizing the 
holders of these Identities to perform specific actions still need additional research and 
development. While there are a number of proposed standards for authorization 
structures and protocols such as KeyNote, SPKI, and SAML based on X.509 or other key- 
based identities, none have been widely adopted. As part of an effort to us ... 

Keywords: Public key Infrastructure, XML, digital certificates 



33 Mobile and pervasive commerc e track: Towards flexible mobile payment via 
mediator-based serv i ce m odel 
Charles Chong, Hui-Na Chua, Cheng-Suan Lee 

August 2006 Proceedings of tlie 8th international conference on Electronic 

commerce: The new e-commerce: innovations for conquering current 
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barriers, obstacles and limitations to conducting successful business on 
the internet ICEC '06 
Publisher: ACM Press 

Full text available: ^ pdff233.86 KB) Additional Information: full citation , abstract , references , index terms 

Applications and digital goods for mobile devices have been around for more than a 
decade. Recent technology development has also driven the use of mobile commerce 
technology. Mobile commerce is another form of payment but it has the ability to embrace 
new ideas concerning digital money as mobile device have grown to become an essential 
personal needs. A range of businesses have already been thinking along these lines and 
tried to gear their ideas towards using the mobile phone as a payment devi ... 

Keywords: agents, middleware, mobile payment, mobility, web services 



On specifying security policies for web documents with an XML-based language 
Elisa Bertino, Silvana Castano, Elena Ferrari 

May 2001 Proceedings of the sixth ACM symposium on Access control models and 
technologies SACMAT '01 

Publisher: ACM Press 

Full text available: ■ Bpdf(290.20 KB) Additional Information: MLcitation, abstract, references, citiogs. index 

t erms 

The rapid growth of the Web and the ease with which data can be accessed facilitate the 
distribution and sharing of information. Information dissemination often takes the form of 
documents that are made available at Web servers, or that are actively broadcasted by 
Web servers to interested clients. In this paper, we present an XML-compliant formalism 
for specifying security-related information for Web document protection. In particular, we 
IntroduceX-Sec, an XML-based lang ... 

Keywords: XML, access control, security policies, subject credentials 



^® A survey of autonomic commu nications 

Simon Dobson, Spyros Denazis, Antonio Fernandez, Dominique Gaiti, Erol Gelenbe, Fabio 
Massacci, Paddy Nixon, Fabrice Saffre, Nikita Schmidt, Franco Zambonelli 
December 2006 ACM Transactions on Autonomous and Adaptive Systems (TAAS), 

Volume 1 Issue 2 
Publisher: ACM Press 

Full text available: Q pdf(300.86 KB) Additional Information: fylcitatb^^^ abstract, refe r enc e s, index terms 

Autonomic communications seek to improve the ability of network and services to cope 
with unpredicted change, including changes in topology, load, task, the physical and 
logical characteristics of the networks that can be accessed, and so forth. Broad-ranging 
autonomic solutions require designers to account for a range of end-to-end issues 
affecting programming models, network and contextual modeling and reasoning, 
decentralised algorithms, trust acquisition and maintenance— issues whose soluti ... 

Keywords: Autonomic communication 




^® S ec u r e sessi ons fo r web services 

Karthikeyan Bhargavan, Ricardo Corin, Cedric Fournet, Andrew D. Gordon 

October 2004 Proceedings of the 2004 workshop on Secure web service SWS '04 

Publisher: ACM Press 

Full text available:^ pdf(351. 35 KB ) Additional Information: full citation , a bstract , references , citin gs 
WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For 
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typical web services, liowever, using WS-Security Independently for each message is 
rather inefficient; besides, it is often important to secure the integrity of a whole session, 
as well as each message. To these ends, recent specifications provide further SOAP-level 
mechanisms. WS-SecureConversation introduces security contexts, which can be used to 
secure sessions between two parties. WS-Trust specifies ... 

37 Multimedia coding and security: A flexible and scalable authentication scheme for 
^ JPEG 2000 image codestreams 

^ Cheng Peng, Robert H. Deng, Yongdong Wu, Weizhong Shao 

November 2003 Proceedings of the eleventh ACM international conference on 
Multimedia MULTIMEDIA '03 

Publisher: ACM Press 

Full text available' IPI pdf{207 02 KB) ^^^'^'^'^^^ Information: full citation , abstract , references , citin gs, index 
^ — terms 

JPEG2000 is an ennerging standard for still image compression and is becoming the 
solution of choice for many digital imaging fields and applications. An important aspect of 
JPEG2000 is its "compress once, decompress many ways" property [1], i. e., it allows 
extraction of various sub-images (e.g., images with various resolutions, pixel fidelities, 
tiles and components) all from a single compressed Image codestream. In this paper, we 
present a flexible and scalable authentication scheme for JPEG20 ... 

Keywords: JPEG2000, authentication, data integrity, digital signature, Image 
compression, merkle hash tree, message digest, one-way hash function 



Privacy protecti on : Managing p ri vacy preferences for f edera te d ide nti ty man ag ement ^jj^ 
Gail-Joon Ahn, John Lam 

November 2005 Proceedings of the 2005 workshop on Digital identity management 
Dli^ '05 

Publisher: ACM Press 

Full text available: ^ pdf(207.65 KB) Additional Information: full citation , abstract , references , index terms 

We have witnessed that the Internet is now a prime vehicle for business, community, and 
personal interactions. The notion of identity is the important component of this vehicle. 
Identity management has been recently considered to be a viable solution for simplifying 
user management across enterprise applications. The network identity of each user is the 
global set of personal credentials and preferences constituting the various accounts. The 
prevalence of business alliances or coalitions necessi ... 

Keywords: identity management, policy languages, privacy 




Formal methods: Tailorin g t he Doiev-Yao abstraction to web services realities 
Michael Backes, Thomas Crop 

November 2005 Proceedings of the 2005 workshop on Secure web services SWS '05 

Publisher: ACM Press 

Full text available: ^ pdf(213,Q5 KB) Additional Information: full citation , abstract , references , index terms 

Web Services are an important series of standards for adding semantics to web-based and 
XML-based communication. For analyzing the security of Web Services protocols 
composed of these standards, it is tempting to exploit their similarity to traditional 
security protocols by first transforming them into the Dolev-Yao abstraction, where 
cryptographic operators are treated symbolically as constructors of a free algebra, and as 
a second step by applying existing symbolic techniques for machine-assis ... 

Keywords: Dolev Yao, federated identity management, formal method, protocol model. 
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40 Fed e rating and harvesting metadata: JAFER ToolKit pro j ect: interfacing Z39.50 and 
^ XM L 

^ Antony Corfield, Matthew Dovey, Richard Mawby, Colin Tatham 

July 2002 Proceedings of the 2nd ACM/IEEE-CS joint conference on Digital libraries 
JCDL '02 

Publisher: ACM Press 

Full text available: gpdf d 86.28 KB) Additional Information: full citatio n, abstract , references , index terms 

In this paper, we describe the JAFER ToolKit project which is developing a simplified XML 
based API above the Z39,50 protocol[l]. The ToolKit allows the development of both 
Z39.50 based applications (both clients and servers) without detailed knowledge of the 
complexities of the protocol. 

Keywords: Java, XML, XSLT, Z39.50, programming 
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